I witnessed this attack recently. Basically, it is just some web crawler trying different file names that somebody could have given a MySQL dump that they accidentally left inside a public directory of a web project.

Disclaimer: What is explained in this post is dual use. Explaining how the attacker works will ultimately help everybody prevent such attacks and raise awareness of them.

I wanted to make an API available on the same domain as a single-page app built with Vue.js, which means that I had to rewrite a part of the domain to use another port on the same host, but you can also use an entirely different machine or have a load balancer in between.

This is going to be a short post about how to block your web server from serving a specific file.

WordPress comes with a file called xmlrpc.php which lets you use the WordPress mobile app with self-hosted blogs and enables pingbacks and trackbacks. However, there are plenty of bots out there that attempt to brute-force their way in through it and can either produce high load or present an actual security risk.